Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-5582

Sentry privileges assigned to objects defined in upper case can get deleted from the catalog

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • Impala 2.9.0
    • Impala 2.10.0
    • Catalog
    • None
    • ghx-label-3

    Description

      Steps to recreate -

      create database xbase1;
      create database xbase2;
      create role xrole;
      grant select on database XBASE1 to role xrole;
      grant select on database XBASE2 to role xrole;
      show grant role xrole;
      
      Impala:
      > show grant role xrole;
      Query: show grant role xrole
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      | scope | database | table | column | uri | privilege | grant_option | create_time |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      | DATABASE | XBASE1 | | | | SELECT | false | NULL |
      | DATABASE | XBASE2 | | | | SELECT | false | NULL |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      Fetched 2 row(s) in 0.08s
      
      - Wait one minute and repeat
      
      > show grant role xrole;
      Query: show grant role xrole
      +----------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
      | scope | database | table | column | uri | privilege | grant_option | create_time |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
      | DATABASE | xbase2 | | | | SELECT | false | Thu, Jun 08 2017 12:10:31.159 |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
      Fetched 1 row(s) in 0.07s
      

      Catalog logs -

      I0626 11:43:51.265414 16261 AuthorizationPolicy.java:120] Adding privilege: server=server1->db=xbase2->action=SELECT role ID: 2
      I0626 11:43:51.265466 16261 AuthorizationPolicy.java:129] Adding privilege: server=server1->db=xbase2->action=SELECT to role: xroleID: 2
      I0626 11:43:51.265539 16261 AuthorizationPolicy.java:120] Adding privilege: server=server1->db=xbase1->action=SELECT role ID: 2
      I0626 11:43:51.265576 16261 AuthorizationPolicy.java:129] Adding privilege: server=server1->db=xbase1->action=SELECT to role: xroleID: 2
      I0626 11:43:51.791312 16267 catalog-server.cc:320] Publishing update: PRIVILEGE:2.server=server1->db=xbase2->action=SELECT@1128
      I0626 11:43:51.791333 16267 catalog-server.cc:320] Publishing update: PRIVILEGE:2.server=server1->db=xbase1->action=SELECT@1129
      I0626 11:43:51.791352 16267 catalog-server.cc:320] Publishing update: CATALOG:64ff2a46cb8f4014:a57cd5975d2b7298@1129
      I0626 11:43:51.791355 16267 catalog-server.cc:339] Publishing deletion: PRIVILEGE:2.server=server1->db=XBASE1->action=SELECT
      I0626 11:43:51.791357 16267 catalog-server.cc:339] Publishing deletion: PRIVILEGE:2.server=server1->db=XBASE2->action=SELECT
      

      Attachments

        Activity

          People

            anujphadke Anuj Phadke
            anujphadke Anuj Phadke
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: